Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google results redirects


  • This topic is locked This topic is locked
14 replies to this topic

#1 HopewellJAM

HopewellJAM

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 July 2009 - 07:00 PM

My computer is showing multiple symptoms of an infection. The most noticeable is thadlinksearchat when I do a Google search and then click on a result it takes me to a seemingly random web page. Often a page that presents new search results on my original topic. Some recent examples are adlinksearch.com and realtor.com but there are many more.

I'm running Windows XP Pro SP3 and it's as updated as I can make it. I use the Firefox browser. My anti-virus is Symantec Endpoint Protection 11. I've run full scans with Malwarebytes and Spybot Search and Distroy and a full can with Symantec. I then ran HiJack This and posted here.

There's at least a couple more things going wrong lately. I'll list them in case they matter.

I get a Vibrant survey pop up when reading the New York Times.

Starting a couple of days ago I started getting a Data Execution Prevention error when windows starts up and whenever I try to use FTP. The text of the error message is To help protect you computer, Windows has closed this program. Application Layer Gateway Service.

Finally, I can't check my home e-mail account with Thunderbird any more. When I try Symantec EndPoint Protect throws an error: Symantec user Session has encountered a problem and needs to close. We are sorry for the inconvenience. Thunderbird then tells me: Could not connect to server incoming.verizon.net; the connection was refused. If I uninstall Symantec everything works fine. When I reinstall Symantec the error returns. There's no problem with checking my work account.

That's alot however I would certainly appreciate help with any of these problems.

Thanks in advance. Here's the HiJackThis log.

************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:06 PM, on 7/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\optimum\olicense\olicenseserver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\JMicron\JMBtnMgr.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System\CMAS2DS.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: JMicron Button Manager.lnk = C:\Program Files\JMicron\JMBtnMgr.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1202413503274
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165784623848
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx
O16 - DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} (Actx Control) - https://expertslive.lenovo.com/home/activex/actx.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ailr.com
O17 - HKLM\Software\..\Telephony: DomainName = ailr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ailr.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ailr.com
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OLicense Server (OLicenseServer) - Optimum GmbH, D-71686 Remseck, Germany - C:\Program Files\optimum\olicense\olicenseserver.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18021 bytes

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 04 July 2009 - 06:34 PM

Hello HopewellJAM,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**************

Please download GooredFix and save it to your Desktop.
Double-click Gooredfix.exe to run it. Select 1.
Find Goored (no fix)
by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

**************

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 06 July 2009 - 08:41 PM

SifuMike,

Thanks for the reply. Here we go.

********* checkup.txt from SecurityCheck.exe *********

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 13
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Norton ccSvcHst.exe
Spybot SDHelper is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 40 seconds.
`````````End of Log```````````

********** GooredLog.txt **********

GooredFix by jpshortstuff (03.07.09)
Log created at 21:26 on 06/07/2009 (jmiller)
Firefox version 3.5 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{2B119677-C145-4C81-A9DD-1ABD7D4F61A9} -> Success!
Deleting C:\Documents and Settings\jmiller\Local Settings\Application Data\{2B119677-C145-4C81-A9DD-1ABD7D4F61A9} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:01 21/11/2006]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [13:49 25/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [18:25 21/07/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [14:19 25/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:04 19/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [11:41 01/04/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:44 31/01/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:18 25/11/2008]

-=E.O.F=-

********** log.txt from RIST.exe **********

Logfile of random's system information tool 1.06 (written by random/random)
Run by jmiller at 2009-07-06 21:33:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (35%) free of 180 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:44 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\optimum\olicense\olicenseserver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
C:\WINDOWS\System\CMAS2DS.EXE
C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\JMicron\JMBtnMgr.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jmiller\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jmiller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: JMicron Button Manager.lnk = C:\Program Files\JMicron\JMBtnMgr.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1202413503274
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165784623848
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx
O16 - DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} (Actx Control) - https://expertslive.lenovo.com/home/activex/actx.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ailr.com
O17 - HKLM\Software\..\Telephony: DomainName = ailr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ailr.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ailr.com
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OLicense Server (OLicenseServer) - Optimum GmbH, D-71686 Remseck, Germany - C:\Program Files\optimum\olicense\olicenseserver.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Client\rthlpsvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18103 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-07-14 719616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-03 856064]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"PDService.exe"=C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe [2006-03-13 41472]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2008-01-11 144728]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-08-16 69632]
"AMSG"=C:\PROGRA~1\THINKV~2\AMSG\amsg.exe [2005-11-14 487424]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-07-05 143360]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-07-05 425984]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-07 600896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"CmFlywaveName"=C:\WINDOWS\System\CmFlywav.exe [2007-10-05 283466]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
""= []
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2008-01-11 124248]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe [2008-06-25 1274792]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe [2008-06-24 884696]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-06-24 140568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"NPDTRAY"=C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe [2006-07-20 221184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-06-21 115560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-03 189952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\jmiller\Start Menu\Programs\Startup
JMicron Button Manager.lnk - C:\Program Files\JMicron\JMBtnMgr.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-07-05 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-03 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-08-14 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=scecli
ACGina
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Setup.exe"="D:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\NPortSearch\nploc.exe"="C:\Program Files\NPortSearch\nploc.exe:*:Enabled:NPort Search Utility"
"C:\Program Files\NPortDrvManager\Npcom.exe"="C:\Program Files\NPortDrvManager\Npcom.exe:*:Enabled:NPort Windows Driver Manager"
"C:\Download\Linksys\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe"="C:\Download\Linksys\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe:*:Enabled:Setup"
"C:\Download\Linksys\WMB54G+Firmware+v2.18+Upgrade+Utility\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe"="C:\Download\Linksys\WMB54G+Firmware+v2.18+Upgrade+Utility\WMB54G Firmware v2.18 Upgrade Utility\Setup.exe:*:Enabled:Setup"
"C:\Program Files\VXCorp\VX-13.65\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-13.65\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\VXCorp\VX-13.75\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-13.75\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\VXCorp\VX-14.00\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-14.00\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\NPortSearch\nploc.exe"="C:\Program Files\NPortSearch\nploc.exe:*:Enabled:NPort Search Utility"
"C:\Program Files\NPortDrvManager\Npcom.exe"="C:\Program Files\NPortDrvManager\Npcom.exe:*:Enabled:NPort Windows Driver Manager"
"C:\Program Files\NPortAdminSuite\bin\npadmer.exe"="C:\Program Files\NPortAdminSuite\bin\npadmer.exe:*:Enabled:npadmer"
"C:\Program Files\VXCorp\VX-13.65\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-13.65\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\VXCorp\VX-13.75\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-13.75\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\VXCorp\VX-14.00\bin\vxmain.exe"="C:\Program Files\VXCorp\VX-14.00\bin\vxmain.exe:*:Enabled:VX"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{631a0aa4-665b-11de-9f37-0018de2cac4b}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9449eb-513e-11de-9ecf-001558325411}]
shell\AutoRun\command - E:\Autorun.exe /run
shell\Shell00\command - E:\Autorun.exe /run
shell\Shell01\command - E:\Autorun.exe /action
shell\Shell02\command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f64bd0-7a85-11dc-9a23-0018de2cac4b}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c31429be-4a03-11dd-9bfe-0018de2cac4b}]
shell\AutoRun\command - E:\PortableApps\geekMenu\GeekMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3947d3c-4a18-11de-9eb4-0018de2cac4b}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-07-06 21:33:21 ----D---- C:\rsit
2009-07-01 19:32:17 ----D---- C:\Program Files\Trend Micro
2009-06-29 13:27:09 ----D---- C:\Documents and Settings\jmiller\Application Data\FileZilla
2009-06-29 13:26:59 ----D---- C:\Program Files\FileZilla FTP Client
2009-06-28 12:38:24 ----N---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-06-28 12:37:58 ----D---- C:\Program Files\Symantec
2009-06-26 18:00:59 ----D---- C:\WINDOWS\ie8updates
2009-06-26 17:59:56 ----HDC---- C:\WINDOWS\ie8
2009-06-23 16:41:47 ----D---- C:\Program Files\Sheet Cutting Suite
2009-06-10 11:08:57 ----D---- C:\Documents and Settings\jmiller\Application Data\webex
2009-06-10 10:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 10:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 10:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-06-10 10:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 10:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-30 16:11:45 ----D---- C:\Documents and Settings\jmiller\Application Data\Logitech
2009-05-30 16:08:42 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-05-30 16:07:29 ----N---- C:\WINDOWS\system32\BtCoreIf.dll
2009-05-30 16:07:18 ----N---- C:\WINDOWS\system32\KemXML.dll
2009-05-30 16:07:18 ----N---- C:\WINDOWS\system32\KemWnd.dll
2009-05-30 16:07:18 ----N---- C:\WINDOWS\system32\KemUtil.dll
2009-05-30 16:07:18 ----N---- C:\WINDOWS\system32\kemutb.dll
2009-05-30 16:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-05-30 16:06:37 ----D---- C:\Program Files\Common Files\Logishrd
2009-05-30 16:06:25 ----D---- C:\Program Files\Logitech
2009-05-30 16:04:45 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-05-01 18:45:16 ----N---- C:\WINDOWS\system32\MRT.INI
2009-04-26 11:07:36 ----N---- C:\WINDOWS\IE4 Error Log.txt
2009-04-26 09:45:20 ----D---- C:\Program Files\POV-Ray for Windows v3.6
2009-04-15 18:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 18:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 18:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 18:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 18:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 18:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 07:41:08 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 3 months======

2009-07-06 21:32:47 ----D---- C:\WINDOWS\Temp
2009-07-06 21:28:26 ----D---- C:\Program Files\Mozilla Firefox
2009-07-06 21:27:21 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-06 21:01:19 ----AD---- C:\Documents and Settings\jmiller\Application Data\Skype
2009-07-06 21:00:11 ----AD---- C:\Documents and Settings\jmiller\Application Data\skypePM
2009-07-06 20:59:34 ----A---- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
2009-07-06 20:59:22 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-07-06 20:58:47 ----A---- C:\Log.txt
2009-07-06 20:57:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-06 20:53:59 ----SD---- C:\WINDOWS\Tasks
2009-07-06 20:53:56 ----AD---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-06 20:53:45 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-05 22:01:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 21:21:53 ----D---- C:\WINDOWS\Prefetch
2009-07-05 17:54:57 ----D---- C:\SWSHARE
2009-07-05 17:54:56 ----D---- C:\WINDOWS
2009-07-05 17:52:16 ----D---- C:\WINDOWS\system32
2009-07-02 15:06:29 ----AC---- C:\WINDOWS\ricdb.ini
2009-07-02 09:58:26 ----D---- C:\WINDOWS\security
2009-07-01 19:32:17 ----RD---- C:\Program Files
2009-07-01 16:57:35 ----AD---- C:\Documents and Settings\jmiller\Application Data\U3
2009-06-29 23:27:23 ----D---- C:\WINDOWS\system32\config
2009-06-29 13:25:56 ----D---- C:\Download
2009-06-29 12:14:47 ----C---- C:\WINDOWS\orun32.ini
2009-06-29 12:14:34 ----D---- C:\WINDOWS\Help
2009-06-29 12:10:59 ----D---- C:\WINDOWS\network diagnostic
2009-06-28 12:40:46 ----AD---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-06-28 12:40:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-28 12:39:20 ----SHD---- C:\WINDOWS\Installer
2009-06-28 12:38:24 ----D---- C:\WINDOWS\system32\drivers
2009-06-26 18:13:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 18:04:24 ----HD---- C:\WINDOWS\inf
2009-06-26 18:03:23 ----SHD---- C:\WINDOWS\system32\dllcache
2009-06-26 18:03:23 ----D---- C:\WINDOWS\system32\en-US
2009-06-26 18:03:23 ----D---- C:\WINDOWS\Media
2009-06-26 18:03:23 ----D---- C:\Program Files\Internet Explorer
2009-06-26 18:01:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-26 18:01:10 ----N---- C:\WINDOWS\imsins.BAK
2009-06-26 16:07:40 ----D---- C:\EES32
2009-06-23 07:44:04 ----SHD---- C:\WINDOWS\CSC
2009-06-22 14:49:16 ----D---- C:\Icons
2009-06-22 10:19:09 ----N---- C:\WINDOWS\DS500.INI
2009-06-15 14:39:28 ----D---- C:\Program Files\Comefri
2009-06-15 10:26:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-10 10:43:20 ----N---- C:\WINDOWS\win.ini
2009-06-10 10:41:51 ----D---- C:\Program Files\Windows Desktop Search
2009-06-10 10:41:14 ----AD---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-10 10:38:45 ----D---- C:\WINDOWS\ie7updates
2009-06-04 08:48:02 ----AD---- C:\Documents and Settings\jmiller\Application Data\ZoomBrowser EX
2009-06-04 07:41:02 ----AD---- C:\Documents and Settings\jmiller\Application Data\CameraWindowDC
2009-06-02 17:48:10 ----D---- C:\Program Files\Winnergy 2005
2009-06-01 12:51:12 ----N---- C:\WINDOWS\system32\MRT.exe
2009-06-01 09:15:29 ----AD---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-05-30 16:09:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-30 16:06:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-30 16:06:37 ----D---- C:\Program Files\Common Files
2009-05-30 08:14:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-25 00:24:06 ----N---- C:\WINDOWS\system32\mssph.dll
2009-05-13 01:15:55 ----N---- C:\WINDOWS\system32\wininet.dll
2009-05-13 01:15:55 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-05-12 13:24:34 ----N---- C:\WINDOWS\PSYCALC.INI
2009-05-07 11:32:35 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-06 19:16:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-01 20:25:51 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-01 20:18:44 ----D---- C:\WINDOWS\system32\wbem
2009-05-01 13:40:44 ----ASD---- C:\Documents and Settings\jmiller\Application Data\Microsoft
2009-05-01 13:40:42 ----AD---- C:\Documents and Settings\jmiller\Application Data\Lenovo
2009-05-01 13:40:42 ----AD---- C:\Documents and Settings\All Users\Application Data\Lenovo
2009-05-01 13:38:38 ----D---- C:\WINDOWS\PeerNet
2009-05-01 13:38:37 ----D---- C:\WINDOWS\mui
2009-05-01 13:37:24 ----RSD---- C:\WINDOWS\Fonts
2009-05-01 13:37:18 ----D---- C:\WINDOWS\ehome
2009-05-01 13:36:38 ----D---- C:\WINDOWS\AppPatch
2009-05-01 13:36:37 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-05-01 13:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-01 13:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-01 13:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-01 13:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-01 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-01 13:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-05-01 13:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-01 13:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-05-01 13:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-05-01 13:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-05-01 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-05-01 13:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-05-01 13:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-05-01 13:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-05-01 13:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-05-01 13:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-05-01 13:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-05-01 13:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-05-01 13:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB934205$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-05-01 13:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2009-05-01 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-05-01 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-05-01 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-05-01 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-05-01 13:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-05-01 13:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-05-01 13:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-05-01 13:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923293$
2009-05-01 13:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-05-01 13:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-05-01 13:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB922760$
2009-05-01 13:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-05-01 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-05-01 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-05-01 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2009-05-01 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-05-01 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920214$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-05-01 13:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB918899$
2009-05-01 13:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-05-01 13:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-05-01 13:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-05-01 13:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB917332$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-05-01 13:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-05-01 13:36:17 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2009-05-01 13:36:17 ----HD---- C:\WINDOWS\$NtUninstallKB905915$
2009-05-01 13:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-05-01 13:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-05-01 13:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-05-01 13:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-05-01 13:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-05-01 13:36:15 ----HD---- C:\WINDOWS\$NtUninstallKB896424$
2009-05-01 13:36:15 ----HD---- C:\WINDOWS\$NtUninstallKB890859$
2009-05-01 13:36:15 ----HD---- C:\WINDOWS\$NtUninstallKB890046$
2009-05-01 13:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-05-01 13:35:45 ----D---- C:\SystemUpdate
2009-05-01 13:34:37 ----D---- C:\SUPERAnitSpyware
2009-05-01 13:34:37 ----D---- C:\PSYCALC
2009-05-01 13:34:37 ----D---- C:\Program Files\zrvale
2009-05-01 13:34:37 ----D---- C:\Program Files\zaselect_zrvus
2009-05-01 13:34:36 ----D---- C:\Program Files\WinMerge
2009-05-01 13:34:36 ----D---- C:\Program Files\Windows NT
2009-05-01 13:34:35 ----D---- C:\Program Files\Windows Media Player
2009-05-01 13:34:35 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-01 13:34:25 ----D---- C:\Program Files\Volo View Express
2009-05-01 13:34:23 ----D---- C:\Program Files\TVT SMBus
2009-05-01 13:34:23 ----D---- C:\Program Files\TimeLog
2009-05-01 13:34:23 ----D---- C:\Program Files\ThinkVantage Fingerprint Software
2009-05-01 13:33:52 ----D---- C:\Program Files\SMI2
2009-05-01 13:33:51 ----D---- C:\Program Files\RoVent
2009-05-01 13:33:48 ----D---- C:\Program Files\QuickTime
2009-05-01 13:33:46 ----D---- C:\Program Files\PlantSpec
2009-05-01 13:33:41 ----D---- C:\Program Files\PDF reDirect
2009-05-01 13:33:39 ----D---- C:\Program Files\PCommLite
2009-05-01 13:33:37 ----D---- C:\Program Files\PCDR5
2009-05-01 13:33:33 ----D---- C:\Program Files\palmOne
2009-05-01 13:33:30 ----D---- C:\Program Files\Outlook Express
2009-05-01 13:33:30 ----D---- C:\Program Files\Online Services
2009-05-01 13:33:30 ----D---- C:\Program Files\NPortDrvManager
2009-05-01 13:33:29 ----D---- C:\Program Files\NetWaiting
2009-05-01 13:33:28 ----D---- C:\Program Files\NetMeeting
2009-05-01 13:33:24 ----D---- C:\Program Files\Movie Maker
2009-05-01 13:33:23 ----D---- C:\Program Files\Microsoft Works
2009-05-01 13:32:49 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-05-01 13:32:48 ----D---- C:\Program Files\Microsoft ActiveSync
2009-05-01 13:32:48 ----D---- C:\Program Files\Messenger
2009-05-01 13:32:02 ----D---- C:\Program Files\JMicron
2009-05-01 13:31:46 ----D---- C:\Program Files\HexAssistant
2009-05-01 13:31:46 ----D---- C:\Program Files\GRAPE GBW32 v4.0
2009-05-01 13:31:45 ----D---- C:\Program Files\Google
2009-05-01 13:31:43 ----D---- C:\Program Files\Firmware Update Tool
2009-05-01 13:31:41 ----D---- C:\Program Files\DWG TrueView 2008
2009-05-01 13:31:32 ----D---- C:\Program Files\Digital Line Detect
2009-05-01 13:31:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-01 13:31:31 ----D---- C:\Program Files\Common Files\Wextech Shared
2009-05-01 13:31:31 ----D---- C:\Program Files\Common Files\System
2009-05-01 13:30:25 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-05-01 13:30:22 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-05-01 13:30:22 ----D---- C:\Program Files\Common Files\Skype
2009-05-01 13:30:07 ----D---- C:\Program Files\Common Files\Lenovo
2009-05-01 13:30:00 ----D---- C:\Program Files\Common Files\ECS Shared
2009-05-01 13:30:00 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-01 13:29:58 ----D---- C:\Program Files\Common Files\BricsCad
2009-05-01 13:29:58 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-05-01 13:29:19 ----D---- C:\Program Files\Autodesk Symbols 2000
2009-05-01 13:29:12 ----D---- C:\Program Files\AutoCAD LT 2002
2009-05-01 13:29:07 ----D---- C:\Program Files\ArrayVisualizer
2009-05-01 13:29:05 ----D---- C:\Program Files\Apple Software Update
2009-05-01 13:29:04 ----D---- C:\Program Files\Aide PDF to DXF Converter
2009-05-01 13:28:45 ----D---- C:\I386
2009-05-01 13:28:22 ----D---- C:\HAPTools
2009-05-01 13:26:41 ----AD---- C:\Documents and Settings\jmiller\Application Data\Windows Desktop Search
2009-05-01 13:26:41 ----AD---- C:\Documents and Settings\jmiller\Application Data\Thunderbird
2009-05-01 13:26:40 ----AD---- C:\Documents and Settings\jmiller\Application Data\OfficeUpdate12
2009-05-01 13:26:39 ----AD---- C:\Documents and Settings\jmiller\Application Data\Klingenburg
2009-05-01 13:26:24 ----AD---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 13:26:05 ----AD---- C:\CC
2009-05-01 13:26:03 ----AD---- C:\busssoft
2009-05-01 13:26:02 ----AD---- C:\BC5
2009-05-01 13:25:43 ----AD---- C:\AILWork
2009-05-01 13:25:35 ----AD---- C:\AILPlot
2009-05-01 13:25:34 ----HD---- C:\_rpcs
2009-05-01 13:25:34 ----D---- C:\WINDOWS\system32\WTablet
2009-05-01 13:25:26 ----D---- C:\WINDOWS\system32\DLA
2009-05-01 13:25:22 ----D---- C:\WINDOWS\system
2009-05-01 13:25:19 ----D---- C:\WINDOWS\Crystal
2009-05-01 13:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-01 13:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-05-01 13:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-01 13:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-01 13:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-01 13:24:23 ----D---- C:\Program Files\Tablet
2009-05-01 13:24:05 ----D---- C:\Program Files\AutoSketch
2009-05-01 13:23:22 ----AD---- C:\Documents and Settings\jmiller\Application Data\PDF reDirect
2009-05-01 11:07:20 ----N---- C:\WINDOWS\SYSTEM.INI
2009-04-30 17:22:33 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-04-30 17:22:32 ----N---- C:\WINDOWS\system32\urlmon.dll
2009-04-30 17:22:32 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-30 17:22:32 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-04-30 17:22:31 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 07:21:08 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-29 00:55:56 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-15 10:51:25 ----N---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-08-02 14848]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-06-21 250416]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-06-21 25136]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-21 191544]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-08-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-06-10 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-20 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-08 21361]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-31 44384]
R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-30 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-03 2782208]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-31 851434]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cmvad;Linksys Wireless-G Music Bridge Interface; C:\WINDOWS\system32\drivers\cmudaxv.sys [2007-03-29 1410240]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-11-02 21808]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090706.032\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090706.032\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
R3 nptdrv2;Moxa NPort RealCOM Driver; C:\WINDOWS\system32\DRIVERS\nptdrv2.sys [2007-08-21 77440]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 17664]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-21 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-08-14 47376]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2004-04-28 328448]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2004-05-11 99968]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-31 67384]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-06-21 277040]
S3 U2SP;USB to Serial Converter Driver(Philips); C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys [2004-05-05 23296]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-05 90112]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-06-24 455960]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-05 212992]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-03 495616]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2006-05-31 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-06-21 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-06-21 108392]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-24 622700]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-11-02 36136]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
R2 OLicenseServer;OLicense Server; C:\Program Files\optimum\olicense\olicenseserver.exe [2007-03-01 3276800]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-06-10 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 Retrospect Client;Retrospect Client; C:\Program Files\Dantz\Client\Remotsvc.exe [2001-09-26 20480]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-06-21 2532736]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-06-21 2177464]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-07 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-07-14 723712]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2006-07-14 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-08-16 73728]
S2 Retrospect Helper;Retrospect Helper; C:\Program Files\Dantz\Client\rthlpsvc.exe [2001-10-02 53248]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-04 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-06-21 234888]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-04 323584]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 npsrcsvr;NPort Secure Service; C:\WINDOWS\system32\npsrcsvr.exe [2007-08-21 733184]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

********** info.txt from RIST.exe **********

info.txt logfile of random's system information tool 1.06 2009-07-06 21:33:49

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Acronis True Image Echo Workstation-->MsiExec.exe /X{3ED07A82-39A8-4D1A-BB36-23FCABD2AC9A}
ActivePerl 5.10.0 Build 1002-->MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Aeolus Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{520B4A1F-26FC-40D2-A832-E56D0E34B371}
Aide PDF to DXF Converter 9.5-->"C:\Program Files\Aide PDF to DXF Converter\unins000.exe"
AILAve-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AIL Research, Inc\AILAve\DeIsL1.isu" -c"C:\Program Files\AIL Research, Inc\AILAve\_ISREG32.DLL"
AILPlot-->C:\WINDOWS\uninst.exe -fC:\AILPlot\DeIsL1.isu -cC:\AILPlot\_ISREG32.DLL
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ArcSoft TotalMedia Backup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87A54796-0620-4899-BAF7-7778A7FB54CB}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AutoCAD LT 2002-->MsiExec.exe /I{5783F2D7-0109-0409-0000-0060B0CE6BBA}
Autodesk Design Review 2009-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
Autodesk Symbols 2000-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Autodesk Symbols 2000\DeIsL1.isu"
AutoSketch v6.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AutoSketch\DeIsL1.isu"
BELKIN F5U109 V1.25-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16115E10-502B-4EA0-BD39-4DA329AD89E2}\Setup.exe" -l0x9
BobCAD-CAM V20-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FE673B2-140E-4B46-ADBA-6FECFAC509A5}\SETUP.EXE" -l0x9
Borland C++ 5.02-->C:\WINDOWS\BC5RMV.EXE C:\BC5\BC5RMV.LOG
BricsCad 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{214C847B-6E35-439C-9DF6-119FC18D6269}\setup.exe" -l0x9
BRINEPROP-->C:\WINDOWS\uninst.exe -f"c:\program files\ees32\userlib\brineprop\DeIsL1.isu" -c"c:\program files\ees32\userlib\brineprop\_ISREG32.DLL"
Button Manager of JMicron-->C:\Program Files\JMicron\JMBtnUninstall.exe
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CanoScan LiDE 600F-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802 /L0x0009
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Client Security Solution-->MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DIGITAL Array Visualizer 1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArrayVisualizer\AVUNINST.ISU"
DirectSOFT 5 - Programming-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8548BB1A-6F46-4A8B-A63F-3618200258DB}\setup.exe" -l0x9 -removeonly
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DWG TrueView 2008-->C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
EES - Engineering Equation Solver-->C:\EES32\UNWISE.EXE C:\EES32\INSTALL.LOG
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
FileOpen Plug-in for Adobe Acrobat® and Adobe Reader®-->MsiExec.exe /I{2E8DC19D-E1E1-402D-A483-CFF559207B94}
FileZilla Client 3.2.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firmware Update Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{121B6911-85B7-49EB-B4ED-5CB2786827E6}\Setup.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop-->MsiExec.exe /I{E4A72492-6674-46F4-8322-7FE498B6CD17}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
HexAssistant 2.5-->C:\Program Files\HexAssistant\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOBOware Pro 2.7
...es\Onset Computer Corporation\HOBOware Pro-->"C:\Program Files\Onset Computer Corporation\HOBOware Pro\unins000.exe"
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
InstallShield Express BC++ 5.02 Edition-->C:\WINDOWS\uninst.exe -f"C:\Program Files\InstallShield\InstallShield Express BC++ 5.02 Edition\DeIsL1.isu" -cC:\PROGRA~1\INSTAL~2\INSTAL~1.02E\_ISREG32.DLL
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Linksys Wireless-G Music Bridge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCDF8BE-8BE8-45F1-BDAD-1195131E5AC5}\setup.exe" -l0x9
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LoggerNet 3.2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B101941-675F-4470-93D6-BFED1469DF7E}\setup.exe" -l0x9 -removeonly
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NetEdit 3-->C:\WINDOWS\IsUninst.exe -fC:\HAPTools\UnNetEd3.isu
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NIBCO Chemtrol/Autocad Database Installation-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Chemtrol\ST5UNST.LOG"
NPort Windows Driver Manager-->"C:\Program Files\NPortDrvManager\unins000.exe"
OLicense-Server-->C:/WINDOWS/oinstall.exe C:/Program Files/optimum/olicense/OLicense-Server.uinst -uninstall
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OnePlate-->C:\WINDOWS\uninst.exe -f"C:\Program Files\AIL Research, Inc\OnePlate\DeIsL2.isu" -cC:\PROGRA~1\AILRES~1\OnePlate\_ISREG32.DLL
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
PC200W 3.3-->"C:\Program Files\InstallShield Installation Information\{0D37CBCA-25EE-41FE-A677-BB23D07A35BF}\setup.exe" -runfromtemp -l0x0009 -removeonly
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
PComm Lite Ver1.3-->"C:\Program Files\PCommLite\unins000.exe"
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PlantSpec 9.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PlantSpec\Uninst.isu" -c"C:\Program Files\PlantSpec\PpUninst.dll" -L=GB
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
promis-e Aero (BricsCad) Licensing Upgrade-->MsiExec.exe /I{3536E016-BF89-45E0-8EE5-C3A46A3FCBA6}
promis-e Aero JIC (BricsCadV6)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8A015426-A512-46B1-AE5E-BFE17DB7E509} /l1033
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery Critical Patch for Windows Update (KB917422)-->MsiExec.exe /X{83E5061B-A69A-46AD-A780-1DA6569FF283}
Rescue and Recovery-->MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA}
Responsive Time Logger-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Retrospect Client 5.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D527478-91A2-11D5-B32D-0050DA8095DF}\setup.exe"
RoVent english-->C:\WINDOWS\iun3403.exe c:\program files\RoVent
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Visio 2007 (KB957831)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {DA824D83-D80E-47AE-9726-7F5E810330C8}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sentinel LM Client - Version 4-->C:\Program Files\InstallShield Installation Information\{A8EBB839-68C0-4918-9314-B8B4F0116B5C}\setup.exe -runfromtemp -l0x0409
Sheet Cutting Suite-->"C:\Program Files\Sheet Cutting Suite\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Endpoint Protection-->MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
System Migration Assistant-->MsiExec.exe /X{9EA84FDD-CCC0-47FD-A993-923165BEA47A}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Fingerprint Software 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual Fortran 6.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Visual Studio\DF98\DFUNINST.ISU"
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
VX 13.75-->C:\WINDOWS\vxu.exe -k "VX 13.75" -d "C:\Program Files\VXCorp\VX-13.75"
VX 14.00-->C:\Program Files\VXCorp\VX-14.00\vxu.exe -k "VX 14.00" -d "C:\Program Files\VXCorp\VX-14.00"
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
WebEx Meeting Manager for Firefox/Netscape/Chrome-->MsiExec.exe /I{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}
WebEx-->C:\PROGRA~1\MOZILL~2\plugins\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.6.0.0-->"C:\Program Files\WinMerge\unins000.exe"
Winnergy 2005-->MsiExec.exe /I{7096ED11-20E6-46EE-A54A-3261BF81BE9E}
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
zaselect_zrvus-->MsiExec.exe /X{89E478C9-AEB0-11D5-8DB1-000000000048}
zrvale-->MsiExec.exe /I{E5CAD886-2178-4990-B358-3023865C91C6}

======Hosts File======

127.0.0.1 mozilla.com
127.0.0.1 www.mozilla.com
127.0.0.1 firefox.com
127.0.0.1 www.firefox.com
127.0.0.1 www.firefox2.com
127.0.0.1 firefox2.com
127.0.0.1 ftp.saix.net
127.0.0.1 download.mozilla.com

======Security center information======

AV: Symantec Endpoint Protection

======System event log======

Computer Name: JEFF9
Event Code: 27
Message: Intel® PRO/1000 PL Network Connection
Link has been disconnected.

Record Number: 62935
Source Name: e1express
Time Written: 20090626164304.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 62886
Source Name: DCOM
Time Written: 20090626162457.000000-240
Event Type: error
User: AILR\jmiller

Computer Name: JEFF9
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001558325411. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62705
Source Name: Dhcp
Time Written: 20090626151555.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 27
Message: Intel® PRO/1000 PL Network Connection
Link has been disconnected.

Record Number: 62702
Source Name: e1express
Time Written: 20090626151546.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 62701
Source Name: DCOM
Time Written: 20090626151433.000000-240
Event Type: error
User: AILR\jmiller

=====Application event log=====

Computer Name: JEFF9
Event Code: 6
Message:


Could not scan 161 files inside c:\SWTOOLS\Apps\rnr\Z180ZAB1022AR00.TVT due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 64142
Source Name: Symantec AntiVirus
Time Written: 20090616082713.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 6
Message:


Could not scan 26 files inside c:\SWTOOLS\Apps\rnr\Z180ZAB1022FI00.TVT due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 64141
Source Name: Symantec AntiVirus
Time Written: 20090616082712.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 6
Message:


Could not scan 4 files inside c:\RECYCLER\S-1-5-21-1844237615-1214440339-725345543-500\Dc4.default\Mail\Local Folders\Inbox due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 64140
Source Name: Symantec AntiVirus
Time Written: 20090616082638.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 6
Message:


Could not scan 2 files inside c:\Program Files\Lenovo\System Update\session\7zu202ww\7zu202ww.exe due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 64139
Source Name: Symantec AntiVirus
Time Written: 20090616081150.000000-240
Event Type: warning
User:

Computer Name: JEFF9
Event Code: 6
Message:


Could not scan 3 files inside c:\Program Files\Lenovo\System Update\session\7vu714ww\7vu714ww.exe due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent


Record Number: 64138
Source Name: Symantec AntiVirus
Time Written: 20090616081139.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\Common\Msdev98\BIN;C:\Program Files\Microsoft Visual Studio\DF98\BIN;C:\Program Files\Microsoft Visual Studio\VC98\BIN;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SMA"=C:\Program Files\ThinkVantage\SMA\
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"INCLUDE"=C:\Program Files\Microsoft Visual Studio\DF98\IMSL\INCLUDE;C:\Program Files\Microsoft Visual Studio\DF98\INCLUDE;C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE
"LIB"=C:\Program Files\Microsoft Visual Studio\DF98\IMSL\LIB;C:\Program Files\Microsoft Visual Studio\DF98\LIB;C:\Program Files\Microsoft Visual Studio\VC98\LIB
"CPU"=i386
"VNI_F90_MSG"=C:\Program Files\Microsoft Visual Studio\DF98\IMSL\MESSAGE
"LINK_F90"=sstatd.lib sstats.lib smathd.lib smaths.lib sf90mp.lib

-----------------EOF-----------------

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 06 July 2009 - 09:29 PM

Hi HopewellJAM,

log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). 

Note: Do not run Option #2 yet.

Did you run Option #2? :thumbup2: You were told NOT to run it.

Edited by SifuMike, 06 July 2009 - 09:37 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 07 July 2009 - 08:12 AM

Hi HopewellJAM,

log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). 

Note: Do not run Option #2 yet.

Did you run Option #2? :thumbup2: You were told NOT to run it.


SifuMike,

When I double-clicked on GooredFix.exe it ran straight through with no options window and popped GooredLog.txt in a Notepad window. I didn't see any option to pick #1 to #2 or none of the above. There didn't seem to be anyway to undo do it so I posted the log.

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 07 July 2009 - 09:50 AM

Hi HopewellJAM,

OK, sounds like they changed the program.

Please tell me how your computer is running? Still being redirected?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 07 July 2009 - 10:54 AM

SifuMike,

Still redirected. This morning it was to www.shopica.com. I see there a reference to redirects to this particular site on bleepingcomputer (see forums/topic124461.html). I didn't try that solution until I checked back in with you.

HopewellJAM

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 07 July 2009 - 02:38 PM

Hi HopewellJAM,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 6 Update 13
    Java 6 Update 5
    Java 6 Update 7
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Symantec Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".
Posted Image

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your log is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.



Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop..
Post the log from ComboFix in your next reply,

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 07 July 2009 - 06:56 PM

SifuMike,

Here's the Combofix log.

ComboFix 09-07-07.A2 - jmiller 07/07/2009 19:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1169 [GMT -4:00]
Running from: c:\documents and settings\jmiller\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-312721991-1593658666-3213506018-500
c:\windows\Installer\16829d.msi
c:\windows\Installer\1682a2.msi
c:\windows\Installer\1682a6.msi
c:\windows\Installer\1682b3.msi
c:\windows\Installer\1682b8.msi
c:\windows\Installer\1682c0.msi
c:\windows\Installer\1682cd.msi
c:\windows\Installer\1682d2.msi
c:\windows\Installer\1682da.msi
c:\windows\Installer\1682e2.msi
c:\windows\Installer\1682ea.msi
c:\windows\Installer\234c994.msp
c:\windows\Installer\234c9a0.msp
c:\windows\Installer\2545737.msp
c:\windows\Installer\254573f.msp
c:\windows\Installer\ad203.msi
c:\windows\winhelp.ini

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\ws2_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 01:33 . 2009-07-07 01:33 -------- d-----w- C:\rsit
2009-07-01 23:32 . 2009-07-01 23:32 -------- d-----w- c:\program files\Trend Micro
2009-06-29 17:27 . 2009-06-30 16:54 -------- d-----w- c:\documents and settings\jmiller\Application Data\FileZilla
2009-06-29 17:26 . 2009-06-29 17:27 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-29 16:06 . 2009-06-29 16:06 -------- d-sh--w- c:\documents and settings\jmiller\PrivacIE
2009-06-28 16:38 . 2009-06-28 16:38 60808 ------w- c:\windows\system32\S32EVNT1.DLL
2009-06-28 16:38 . 2009-06-28 16:38 136496 ------w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-28 16:37 . 2009-06-28 16:38 -------- d-----w- c:\program files\Symantec
2009-06-26 22:09 . 2009-06-26 22:09 -------- d-sh--w- c:\documents and settings\jmiller\IETldCache
2009-06-26 22:04 . 2009-06-26 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-26 22:01 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:00 . 2009-06-26 22:00 -------- d-----w- c:\windows\ie8updates
2009-06-26 22:00 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:00 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 21:59 . 2009-06-26 22:00 -------- dc-h--w- c:\windows\ie8
2009-06-23 20:41 . 2009-06-23 20:49 -------- d-----w- c:\program files\Sheet Cutting Suite
2009-06-10 15:08 . 2009-06-10 15:08 -------- d-----w- c:\documents and settings\jmiller\Application Data\webex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 23:47 . 2009-01-10 15:50 -------- d---a-w- c:\documents and settings\jmiller\Application Data\Skype
2009-07-07 23:28 . 2009-01-10 15:54 -------- d---a-w- c:\documents and settings\jmiller\Application Data\skypePM
2009-07-07 23:21 . 2006-11-03 19:21 -------- d-----w- c:\program files\Java
2009-07-07 22:43 . 2006-11-21 19:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-07 18:33 . 2008-11-25 03:06 -------- d---a-w- c:\documents and settings\jmiller\Application Data\ZoomBrowser EX
2009-07-07 18:33 . 2008-11-25 03:05 -------- d---a-w- c:\documents and settings\jmiller\Application Data\CameraWindowDC
2009-07-07 18:25 . 2006-11-07 15:29 100384 ----a-w- c:\documents and settings\jmiller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:19 . 2006-11-07 09:52 100384 ----a-w- c:\documents and settings\Jeffrey Miller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 00:53 . 2008-06-07 18:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 21:52 . 2006-11-03 19:31 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-07-01 20:57 . 2007-10-14 18:46 -------- d---a-w- c:\documents and settings\jmiller\Application Data\U3
2009-06-28 16:41 . 2008-06-21 14:22 706 ------w- c:\windows\system32\drivers\COH_Mon.inf
2009-06-28 16:41 . 2008-06-21 14:22 23888 ------w- c:\windows\system32\drivers\COH_Mon.sys
2009-06-28 16:41 . 2008-06-21 14:22 10537 ------w- c:\windows\system32\drivers\coh_mon.cat
2009-06-28 16:40 . 2006-11-03 19:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-28 16:40 . 2008-06-21 14:22 1290584 ------w- c:\documents and settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.dll
2009-06-28 16:40 . 2006-11-03 19:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-28 16:38 . 2009-06-28 16:38 806 ------w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-28 16:38 . 2009-06-28 16:38 10652 ------w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-26 22:13 . 2009-03-19 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 22:13 . 2009-04-01 14:04 3561743 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2009-03-19 16:41 38160 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-03-19 16:41 19096 ------w- c:\windows\system32\drivers\mbam.sys
2009-06-15 18:39 . 2007-02-02 17:13 -------- d-----w- c:\program files\Comefri
2009-06-15 14:26 . 2009-01-12 14:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-10 14:41 . 2009-01-21 16:55 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 14:41 . 2007-11-28 16:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-02 21:48 . 2007-12-04 14:18 -------- d-----w- c:\program files\Winnergy 2005
2009-06-01 13:15 . 2008-11-25 02:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-30 20:11 . 2009-05-30 20:11 -------- d-----w- c:\documents and settings\jmiller\Application Data\Logitech
2009-05-30 20:11 . 2009-05-30 20:11 53248 ------r- c:\documents and settings\jmiller\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-05-30 20:11 . 2009-05-30 20:06 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-30 20:09 . 2009-05-30 20:09 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-30 20:08 . 2009-05-30 20:08 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-30 20:08 . 2009-05-30 20:08 0 ---h--w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-30 20:06 . 2009-05-30 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-30 20:06 . 2006-11-03 19:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 20:06 . 2009-05-30 20:06 -------- d-----w- c:\program files\Logitech
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-05-25 04:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2006-04-30 06:56 915456 ------w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2006-04-30 06:55 345600 ------w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ------w- c:\windows\system32\GPhotos.scr
2009-04-17 12:26 . 2006-04-30 06:55 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-04-30 06:55 585216 ------w- c:\windows\system32\rpcrt4.dll
1999-06-25 15:55 . 2006-11-20 18:00 149504 ------w- c:\program files\UNWISE.EXE
2009-03-06 17:06 . 2009-03-06 17:06 27976 ------w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ------w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:07 . 2009-03-06 17:07 46408 ------w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-06-10 15:08 . 2009-06-10 15:08 98712 ------w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-06-10 311296]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-06-10 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"AMSG"="c:\progra~1\THINKV~2\AMSG\amsg.exe" [2005-11-14 487424]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-05 143360]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-07-05 425984]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"CmFlywaveName"="c:\windows\System\CmFlywav.exe" [2007-10-05 283466]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2008-06-25 1274792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2008-06-24 884696]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-06-24 140568]
"NPDTRAY"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2006-07-20 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-21 115560]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-06 181536]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\jmiller\Start Menu\Programs\Startup\
JMicron Button Manager.lnk - c:\program files\JMicron\JMBtnMgr.EXE [2007-10-23 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 19:54 89600 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 20:02 34080 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-07-05 04:57 32768 ------w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NPortDrvManager\\Npcom.exe"=
"c:\\Download\\Linksys\\WMB54G_SetupWizard\\WMB54G_20071113\\Setup.exe"=
"c:\\Download\\Linksys\\WMB54G+Firmware+v2.18+Upgrade+Utility\\WMB54G Firmware v2.18 Upgrade Utility\\Setup.exe"=
"c:\\Program Files\\VXCorp\\VX-13.75\\bin\\vxmain.exe"=
"c:\\Program Files\\VXCorp\\VX-14.00\\bin\\vxmain.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [5/14/2008 4:21 PM 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 4:21 PM 19496]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [11/3/2006 3:10 PM 4442]
R2 OLicenseServer;OLicense Server;c:\program files\optimum\olicense\olicenseserver.exe [11/21/2006 3:21 PM 3276800]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/8/2008 9:30 AM 94208]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 8:05 PM 58368]
R2 Retrospect Client;Retrospect Client;c:\program files\Dantz\Client\remotsvc.exe [3/9/2007 2:13 PM 20480]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [8/14/2007 3:46 PM 10896]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/5/2009 8:22 PM 1373480]
R3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [5/10/2008 10:58 AM 1410240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2009 11:44 AM 101936]
R3 nptdrv2;Moxa NPort RealCOM Driver;c:\windows\system32\drivers\nptdrv2.sys [7/28/2008 11:53 AM 77440]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/21/2008 10:22 AM 23888]
S4 npsrcsvr;NPort Secure Service;c:\windows\system32\npsrcsvr.exe [7/28/2008 11:53 AM 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-22 22:47]

2009-07-07 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-11-03 05:40]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: ibm.com\icm1.teleweb.ca
Trusted Zone: lenovo.com\chat.lel
Trusted Zone: lenovo.com\expertslive
Trusted Zone: lenovo.com\rto1.lel
Trusted Zone: lenovo.com\rto2.lel
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {975BA4C8-C5A7-4CFD-9F42-10CF4B75F580} - hxxps://expertslive.lenovo.com/home/activex/actx.cab
FF - ProfilePath - c:\documents and settings\jmiller\Application Data\Mozilla\Firefox\Profiles\899c9gpt.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\jmiller\LOCALS~1\Temp\etilqs_S0g25utGNBB0uTo8Ue2Z 556032 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\relog_ap.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'explorer.exe'(7916)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\msdtc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dantz\Client\retroclient.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\windows\system\cmas2ds.exe
c:\program files\ThinkPad\Bluetooth Software\BTTray.exe
c:\program files\Digital Line Detect\DLG.exe
c:\windows\system\cmas2ds.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\windows\system\cmas2ds.exe
c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-07-07 19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 23:50

Pre-Run: 61,899,513,856 bytes free
Post-Run: 61,938,753,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

419 --- E O F --- 2009-06-26 22:01

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 07 July 2009 - 09:49 PM

Hi HopewellJAM,

Looks good. :thumbup2: How is the computer running?


Now we look for lingering malware.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.
You can refer to this animation by sundavis if needed.

Edited by SifuMike, 07 July 2009 - 09:51 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 08 July 2009 - 01:19 PM

SifuMike,

Things seem to be running better. No Google redirects. FTP working again. E-mail checking working again. Thanks for the help.

Here's the Karpersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 08, 2009 14:19:51
Records in database: 2443339
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\

Scan statistics:
Files scanned: 246549
Threat name: 4
Infected objects: 6
Suspicious objects: 5
Duration of the scan: 04:20:09


File name / Threat name / Threats count
C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\Eudora Mail.sbd\Questionable Infected: Trojan-Spy.HTML.Bayfraud.cg 1
C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\InboxOLD Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\InboxOLD Infected: Trojan.HTML.PCard.p 1
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Eudora Mail.sbd\Questionable Infected: Trojan-Spy.HTML.Bayfraud.cg 1
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Inbox Infected: Trojan.HTML.PCard.p 1
C:\Temporary\ScanPort\ScanPort.exe Infected: not-a-virus:NetTool.Win32.Scan.g 1
C:\Temporary\ScanPort.zip Infected: not-a-virus:NetTool.Win32.Scan.g 1

The selected area was scanned.

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 08 July 2009 - 04:42 PM

Hi HopewellJAM,


Kaspersky found malware in your Eudora, InBoxOLD and InBox folders. It does not tell which file in the folder is the bad one. :thumbup2:

C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\Eudora Mail.sbd\ Questionable Infected: Trojan-Spy.HTML.Bayfraud.cg 1
C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\InboxOLD Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\jmiller\Application Data\Thunderbird\Profiles\mmur6u0e.default\Mail\Local Folders\InboxOLD Infected: Trojan.HTML.PCard.p 1
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Eudora Mail.sbd\ Questionable Infected: Trojan-Spy.HTML.Bayfraud.cg 1
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\TEMP\Profiles\mmur6u0e.default\Mail\Local Folders\Inbox Infected: Trojan.HTML.PCard.p 1




I dont think you want to delete the Eudora, InBoxOLD and InBox folders, as all of your email would be gone.
The infections are probably an an email with an attachment (the attactment file has a worm).
Easiest way to get rid of it is open the folders and delete all the file attachments that look suspicious (but dont download the attached file).

Let me know when you have done that. We still have to do some program cleanup.

Edited by SifuMike, 08 July 2009 - 04:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 HopewellJAM

HopewellJAM
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 08 July 2009 - 07:16 PM

SifuMike,

Taken care of. What's next?

HopewellJAM

#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 08 July 2009 - 09:10 PM

Hi HopewellJAM,

Next we do the program clean up. :thumbup2:

Delete Security Check, RSIT and GooredFix from your desktop.

Uninstall ComboFix, go to to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox
VundoFix Backups, Avenger, _OTM3), reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Please read and follow
<a href="http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/" target="_blank">
Simple and easy ways to keep your computer safe and secure on the Internet
</a> as well
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again, as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

Edited by SifuMike, 08 July 2009 - 09:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:26 PM

Posted 19 July 2009 - 12:38 AM

Since your problem appears to be resolved, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users